Re: Administrivia #4883/flowpoints

[marc () MUCOM CO IL (Marc Esipovich)]

> > > depending on the version OS your flowpoint runs, you can limit what ip's
> > > can telnet in using the filter command.  if you apply that feature
> > > correctly, you effectively prohibit brute forcing the router pw.  treat it
> > > like cisco's access-list's retarded little brother and you wont be too
> > > disapointed.
> >
> > Well, adding a short delay in the code which authenticates the password
> > would make brute-force pretty painful and time-consuming.
>
> true.. adding a 5 second delay might make it take longer but the attack
5 seconds? that's far too long than necessary.

> might well still go undetected unless one is in the habit of checking the
> system history on the router,
Do you know someone who cares about security but fails to check his audit
logs?

> and i doubt the vast majority of flowpoint
> owners do this.
Obviously their problem.

> ultimately, delay code might turn a 1 day hack into a 1
> week hack,
1 week? over a 300msec round-trip line and a strong password which is not
taken from a dictionary? we're talking years.

> but it probably wont stop someone dedicated from getting in.
> id say the most efficient solution is the filter still.
Filters are always important, and yes, they come first,  but would you
filter against an intruder from the inside?

Besides, a dedicated intruder doesn't waste his time with attempts to
find the correct password, there are by far more efficient ways of "doing
it".

        Marc Esipovich.